SSL offloading for SharePoint 2019

Tayyab Rana 1 Reputation point
2021-01-21T16:41:08.24+00:00

Hello All experts!

Please help me on this problem or point me to the right direction. Thanks
We have SP 2019 on premises 2FE + 2APP + 1DB, NetScaler for SSL offloading
We have many host name site collections
I have configured NetScaler and SP 2019 as per documentation says - root site collection on hhtp:// and all other site collections are on https:// This is my structure http://mysite.domain.com, https://a.domain.com, https://b.domain.com.
From client machine all these URLs are accessible without any problem. Here is my problem. HTTPS URLs are not accessible directly from server. the impact is Search service is not working. Crawler is not able to access any of https site collection.
Please help me out and thanks in advance.

SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,846 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Trevor Seward 11,691 Reputation points
    2021-01-21T17:08:37.067+00:00

    Is there a reason you're using SSL Offloading? It is generally considered insecure as data can be sniffed between the Netscaler and SharePoint. When using OAuth tokens (i.e. Office Online Server, SharePoint Addins, etc.), they depend on transport security. An intercepted plain text OAuth token can be replayed and the attacker will be granted the same level of access as the user who made the request.

    1 person found this answer helpful.

  2. ChelseaWu-MSFT 6,316 Reputation points
    2021-01-22T06:08:27.52+00:00

    If the “HTTPS URLs are not accessible directly from server” then the SSL Offloading is possibly not configured properly. Please see the article here for explanation and tutorial: Configuring Citrix Netscaler for SharePoint SSL Offloading.

    You can then add the HTTPS URLs (Default zone) to the Content Source to be accessible by Crawler, referring to another post here: Sharepiont 2013 Search is not working on Https Site.
    Note that SSL certification needs to be installed and added to Certificate store.

    Another post for your reference: Enabling SSL on Sharepoint site and Offloading Certificate with F5.

    *Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link. *


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    **Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. **